You can view and search the status of the devices in your org, and deprovision or wipe (factory reset) them. You can also monitor all devices to determine if they are encrypted, have been jailbroken or rooted, or have been upgraded to the latest operating system version. You can deprovision OMM functions or wipe enrolled devices by clicking the icon in the Actions column.

Click a device to view its attributes and perform specific functions, such as resetting (Android) or clearing (iOS) the device's passcode, remotely locking the device, and deprovisioning or wiping the device.

There are two ways to access a device's Device Attributes page:

Directory > People > user > Mobile, then click a device.

Devices > Overview, then click the device in the Device Name & User column.

This option removes all apps and data from the device and restores its factory settings. Like the Wipe Company Data option, this option also unenrolls the device from OMM. Devices wiped of all data are listed as Deprovisioned under the Status column. The device appears in the device report as Deprovisioned. If the user is reactivated later, they must re-enroll their device. Also note the following:

The Wipe All Device Data option is not available for devices enrolled in OMM through Android for Work.

Wipe Company Data — In the Actions column, click the icon next to the device, then click Wipe Company Data in the window to selectively wipe only Okta-managed native apps. Personal apps, content, and settings are retained. (You can also do this from the Device Attributes page using the Device Actions drop-down menu.)

Wipe All Device Data — In the Device Name & Users column, click the device name to access the Device Attributes page, click the Device Actions drop-down menu, and then click to fully wipe all apps and data from the device and restore its factory settings.

Best practice

To unenroll an end user from OMM, first wipe all company data from the device through the Devices page. End users should not remove/unenroll OMM from their devices themselves because the Okta servers may never detect the removal (for example, if there is a poor network connection, or if the device is offline). This creates a scenario in which a deprovisioned device is still listed as enrolled on the Devices page. This scenario can occur regardless of a device's rooted or jailbroken status.

Note: When an end user is deleted from Okta, their devices no longer appear in the device report. For details about generating reports, see Reporting below.

Root Detection: A rooted Android device doesn't necessarily mean the end user has done anything inappropriate with it, but it does mean they have access to alter the firmware and/or OS that Google and the manufacturer/carrier shipped with the device.

You can determine from the Devices page whether a device has been jailbroken or rooted. Affected devices are indicated by an icon and label, as shown below:

This kind of manipulation leaves devices more vulnerable to malware. You may want to deprovision an affected device and/or assess the associated risks.

For iOS devices, the admin clears the passcode and the end user must set up a new one themselves within one hour.

Notes:

This option has a minimum requirement of Okta Mobile 1.2.8 for Android or Okta Mobile 4.2 for iOS.

iOS devices that have been rebooted or reset may not receive the Clear Passcode command if they do not have mobile data connections (3G, 4G, or LTE), as they do not automatically join WiFi connections until a passcode is entered. For more information, see this article.

Go to Devices > Overview.

Click the device whose passcode you want to clear or reset.

On the Device Attributes page, click Device Actions on the upper-right side of the page.

Click Clear Passcode (for iOS) or Reset Passcode (for Android).

iOS

For iOS devices, click Clear Passcode to confirm. From that point on, the end user has one hour to set a new passcode.

Android

For Android devices, enter the new passcode you want to assign to this device, then click Reset Passcode.

Important: If you are resetting the passcode of a Samsung SAFE or Native Android device, make sure that the passcode you enter complies with the General Android Device Passcode Requirements configured in the Platform Rule (Devices > Mobile Policies). Be aware that, even though you are not prevented from entering a non-compliant passcode in the New Passcode field and a success message may display after you click Reset Passcode, the non-compliant passcode will not work and the end user will not be able to access apps.

The following table details support for the Clear and Reset passcode options by Android device type and operating system version.

Support for Clear and Reset Passcode options, Android devices

| Device and passcode type | Operating system: Android OS earlier than 7.0 | Operating system: Android OS 7.0+ |
| --- | --- | --- |
| Device Passcode: Android for Work | Not supported | Not supported |
| Profile Passcode: Android for Work | n/a | Not supported |
| Device Passcode: Non-Android for Work (SAFE and Native) | Both options are supported by Okta | Clear Passcode option – Not supported; option is not available in the menu |

To see granular data about each device, you can generate a report by clicking Download CSV. The resulting .csv file provides comprehensive per-device information, including (among other fields) device status, serial number, platform, device capacity (MB), and available device capacity.

Android note: To provide users with greater data protection, starting in the 6.0.x release, Android removes programmatic access to the device's local hardware identifier for apps using the Wi-Fi and Bluetooth APIs. For details, see this Android documentation.
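The downloaded CSV report can be triaged offline for the conditions this page says to monitor (jailbroken or rooted, not encrypted). The script below is an added example, not Okta code; the column headers, the "Enrolled" status value and the sample rows are assumptions constructed for illustration, so map `COLS` to the headers in your own export.

```python
import csv
import io

# Column names below are ASSUMPTIONS for illustration; map them to the
# headers in the file your org actually downloads.
COLS = {"name": "Device Name", "user": "User", "platform": "Platform",
        "status": "Status", "encrypted": "Encrypted",
        "compromised": "Jailbroken/Rooted"}

TRUE_VALUES = {"true", "yes", "y", "1"}

def as_bool(value):
    """Interpret common CSV spellings of a boolean; blank counts as False."""
    return (value or "").strip().lower() in TRUE_VALUES

def triage(csv_text, cols=COLS):
    """Return {finding: [(device, user, platform), ...]} for enrolled devices."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in cols.values() if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"report is missing expected columns: {missing}")
    findings = {"jailbroken_or_rooted": [], "not_encrypted": []}
    for row in reader:
        # Deprovisioned devices are already unenrolled; skip them.
        if row[cols["status"]].strip().lower() == "deprovisioned":
            continue
        ident = (row[cols["name"]], row[cols["user"]], row[cols["platform"]])
        if as_bool(row[cols["compromised"]]):
            findings["jailbroken_or_rooted"].append(ident)
        if not as_bool(row[cols["encrypted"]]):
            findings["not_encrypted"].append(ident)
    return findings

# Constructed sample report (not real data).
SAMPLE = """Device Name,User,Platform,Status,Encrypted,Jailbroken/Rooted
Pixel-A,alice@example.com,Android,Enrolled,Yes,No
iPhone-B,bob@example.com,iOS,Enrolled,Yes,Yes
Galaxy-C,carol@example.com,Android,Enrolled,No,No
iPad-D,dave@example.com,iOS,Deprovisioned,No,Yes
"""

if __name__ == "__main__":
    for finding, devices in triage(SAMPLE).items():
        for name, user, platform in devices:
            print(f"{finding}: {name} ({platform}) {user}")
```

A blank value in the encryption column is treated as not encrypted, so a device with missing data is flagged for review rather than silently passed.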